Permission Entry Dialog Box

Folder permissions include Full Control, Modify, Read & Execute, List Folder Contents, Read, and Write. For information about these permissions, see File and Folder Permissions. Each of these permissions consists of a logical group of special permissions, which are listed and defined below. Not all of the special permissions will apply to all objects.

Permission

Description

Traverse Folder/Execute File

Traverse Folder allows or denies moving through folders to reach other files or folders, even if the user has no permissions for the traversed folders. Traverse Folder takes effect only when the group or user is not granted the Bypass traverse checking user right in the Group Policy Management Console. By default, the Everyone group is granted the Bypass traverse checking user right. (Applies to folders only.)

Setting the Traverse Folder permission on a folder does not automatically set the Execute File permission on all files within that folder.

List Folder/Read Data

List Folder allows or denies viewing file names and subfolder names within the folder. List Folder affects the contents of that folder only and does not affect whether the folder you are setting the permission on will be listed. (Applies to folders only.)

Append Data allows or denies making changes to the end of the file but not changing, deleting, or overwriting existing data. (Applies to files only.)

Write Attributes

Allows or denies changing the attributes of a file or folder, such as read-only or hidden. Attributes are defined by NTFS.

The Write Attributes permission does not imply creating or deleting files or folders; it only includes the permission to make changes to the attributes of a file or folder. To allow (or deny) create or delete operations, see Create Files/Write Data, Create Folders/Append Data, Delete Subfolders and Files, and Delete.

Write Extended Attributes

Allows or denies changing the extended attributes of a file or folder. Extended attributes are defined by programs and may vary by program.

The Write Extended Attributes permission does not imply creating or deleting files or folders; it only includes the permission to make changes to the attributes of a file or folder. To allow (or deny) create or delete operations, see Create Files/Write Data, Create Folders/Append Data, Delete Subfolders and Files, and Delete.

Delete Subfolders and Files

Allows or denies deleting subfolders and files, even if the Delete permission has not been granted on the subfolder or file.

Delete

Allows or denies deleting the file or folder. If you do not have Delete permission on a file or folder, you can still delete it if you have been granted Delete Subfolders and Files on the parent folder.

Read Permissions

Allows or denies reading permissions of the file or folder, such as Full Control, Read, and Write.

Change Permissions

Allows or denies changing permissions of the file or folder, such as Full Control, Read, and Write.

Take Ownership

Allows or denies taking ownership of the file or folder. The owner of a file or folder can always change permissions on it, regardless of any existing permissions on the file or folder.

Synchronize

Allows or denies different threads to wait on the handle for the file or folder and synchronize with another thread that may signal it. This permission applies only to multithreaded, multiprocess programs.

Note

You will not be able to access an encrypted file without the Encrypting File System (EFS) key, even if you have the necessary permissions.